Synpulse Holding AG and its companies (together, the “Synpulse Group”) are providing this Privacy Notice and are referred to herein as “Synpulse”, “Synpulse Group”, “we”, “us” or “our”. Synpulse is committed to protecting your information by handling it responsibly and safeguarding it using appropriate technical, administrative, and physical security measures in accordance with applicable Data Protection Legislation and Synpulse’s Group Data Protection Policy and related policies. 

This Privacy Notice explains what information we gather about you, what we use it for, and who we share it with (the “Privacy Notice”). It also explains the lawful bases for processing, how long your data is retained, the safeguards applied to cross-border transfers, and your rights under applicable Data Protection Legislation. In addition, it sets out your rights and who you can contact for more information or queries. 

Information About You that We Process 

We may process information about you that: (i) you provide to us, (ii) that we obtain from third parties or (iii) that is publicly available. This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information where necessary for a defined and legitimate purpose (for example, accessibility or event-related requirements). 

We process personal data in accordance with the principles of purpose limitation and data minimisation and only collect data that is adequate, relevant, and necessary for the purposes for which it is processed. For a more detailed description of the information about you that we may process, please see below. 

How We Use Information About You 

We collect and process information about you and/or your business to enable us, the Synpulse Group, to: 

• provide our services to you; 
• provide you with information that we think may be of interest to you; and 
• to meet our legal or regulatory obligations. 

For a more detailed description of how we use information about you, please see below. 

When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out here, or by following the unsubscribe instructions in our communications. 

Sharing and Transferring Your Information 

We may share information about you across the Synpulse Group, and with some third parties who may process personal data on our behalf under appropriate contractual and security safeguards. For further information on Synpulse Group companies, please refer to the Legal Notice. For more information on data processing, please see below. 

We may transfer some information about you to countries outside the European Economic Area where Synpulse operates or where our approved service providers are located. Where we do so, we apply appropriate transfer safeguards (including, where applicable, the International Data Transfer Frameworks and the Synpulse Intra-Group Data Transfer Agreement), as described below.  

Your Rights 

Your rights under data protection laws include the following: 

• Right to Information and Transparency – to be informed how and why your personal data is processed, including purposes, lawful bases, retention, cross-border safeguards, and your rights. 
• Right to Access and Transfer – to obtain confirmation of processing and receive a copy of your personal data, and, where required by law, request its transmission to another controller (data portability). 
• Right to Rectification – to request correction of inaccurate or incomplete personal data. 
• Right to Erasure, Restriction, and Objection – to request deletion, restriction, or object to processing on legitimate grounds. 
• Right to Withdraw Consent – to withdraw consent at any time where processing is based on consent. 
• Direct Marketing and Automated Decision-Making – to object at any time to processing for direct marketing, profiling, or automated decision-making with legal or significant effects. 

For more information about your privacy rights please see below. 

If you have any questions or comments about privacy issues or wish to exercise any of the rights set out above, please write to Group Data Protection Officer, Synpulse Holding AG, Sonnenbergstrasse 19, CH-6052 Hergiswil, Switzerland, or email dataprotection@synpulse.com. 

Scroll down to see the Privacy Notice in full to take you to the more detailed sections of the notice. 

1. Who this privacy statement applies to and what it covers 
2. What personal data we collect 
3. Personal data provided by or about third parties 
4. How we use your personal data 
5. The legal grounds we use for processing personal data 
6. Sharing your personal data 
7. Transferring your personal data 
8. Protecting your personal data 
9. How long we keep your personal data for 
10. Your rights 
11. Sending you marketing information 
12. Contact and Data Protection Officers 
13. Changes to this privacy statement 

In this statement: 

“Data Protection Legislation” means (i) the Swiss Federal Act on Data Protection of 19 June 1992 (FDPA), (ii) the New Swiss Federal Act on Data Protection (nFADP) of 01 September 2023, (iii) the EU General Data Protection Regulation 2016/679 (GDPR), (iv) the UK General Data Protection Regulation, (v) the Singapore Personal Data Protection Act 2012 (PDPA), (vi) the Philippines Data Privacy Act of 2012, (vii) the Australia Privacy Act 1988 (as amended), (viii) the India Digital Personal Data Protection Act 2023 (upon entry into force), (ix) the China Personal Information Protection Law (PIPL), and (x) the Hong Kong Personal Data (Privacy) Ordinance (PDPO), together with any other applicable laws and regulations relating to data protection or privacy. 

 

“International Data Transfer Frameworks” means the EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework, where applicable. 

Cross-border transfers of personal data within the Synpulse Group are governed by Synpulse’s Intra-Group Data Transfer Agreement and other appropriate safeguards, in accordance with applicable Data Protection Legislation.  

“Synpulse Group” refers to Synpulse Holding AG and its companies, being a Swiss privately held group of legal entities held by one holding company. Synpulse Holding AG is a company registered in Switzerland with registered number CHE-103.557.601 and registered office at Sonnenbergstrasse 19, 6052 Hergiswil, Switzerland. For the avoidance of doubt, each Synpulse Group company operates as a legally independent entity, unless expressly stated otherwise. 

“Process” means any operation performed on information about you, including to collect, record, organize, structure, store, alter, use, transfer, destroy or otherwise make available. 

1. Who this Privacy Notice applies to and what it covers   

This Privacy Notice applies to the Synpulse Group as defined above (together, “Synpulse”, “we”, “us” or “our”). 

We are committed to protecting your privacy and handling your information openly and transparently. 

This Privacy Notice explains how we will collect, handle, store and protect information about you when: 

• providing services to you or our clients; 
• you use our website; or 
• performing any other activities that form part of the operation of our business. 

When we refer to “our website” or “this website”, we mean any website, application or digital platform owned, operated or controlled by Synpulse Holding AG or any member of the Synpulse Group, including synpulse.com and any successor or related domains. Further information on Synpulse Group companies is available in the Legal Notice. 

This Privacy Notice includes information on how we share your personal data with other members of the Synpulse Group and with third parties (for example, our service providers). 

In this Privacy Notice, your information is sometimes called “personal data”. We may also refer to “processing” your data, meaning a “Process” as defined above. 

If you provide us with information through any website, application, or digital platform owned, operated, or controlled by any member of the Synpulse Group, we will process your personal data in accordance with this Privacy Notice and applicable Data Protection Legislation. This may include the transfer of personal data to other members of the Synpulse Group or to authorised service providers, subject to appropriate contractual, technical, and organisational safeguards and applicable cross-border transfer requirements. 

If you provide us with information in any jurisdiction where Synpulse operates, we will process your personal data in accordance with applicable Data Protection Legislation. 

We implement appropriate organisational, technical, and governance measures to meet jurisdiction-specific requirements, including where required the appointment of data protection officers or equivalents, breach notification obligations, regulatory registrations or filings, and restrictions or conditions on cross-border transfers. 

Where this website contains links to third-party websites, such websites are governed by their own privacy notices and data protection practices. We encourage you to review those notices before providing personal data on such websites. Synpulse accepts no responsibility or liability for the content of such third-party websites or for their data protection practices. 

2. What personal data we collect 

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in accordance with Synpulse’s Group Data Protection Policy and related policies, as well as applicable local Data Protection Legislation as set out in this statement. 

When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this website. 

We may process your data because: 

• you give it to us (for example, in a form on our website); 
• other people lawfully give it to us (for example, your employer or adviser, or third-party service providers that we use to help operate our business); 
• it is publicly available; or 
• we are required to collect or process the data in order to comply with applicable legal or regulatory obligations (e.g., under tax, employment, court order, or supervisory authority requirements). 

We process personal data only where it is adequate, relevant, and limited to what is necessary for the purposes for which it is collected and processed. 

We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, we (or our service providers) may use cookies (small text files stored in a user’s browser) to support the proper functioning, performance, and usability of the website and to remember user preferences. We do not use cookies or similar technologies for advertising, marketing, profiling, or statistical/analytics purposes. More information on how we use cookies – and how you can control them – can be found in our Cookie Notice. 

You can choose whether non-essential cookies are placed on your device, in accordance with applicable Data Protection Legislation. Essential cookies cannot be disabled as they are strictly necessary for the operation of the website. You may manage your preferences via your browser settings as described in our Cookie Notice. 

The personal data we process may include your: 

• name, gender, age and date of birth; 
• contact information, such as address, email, and mobile phone number; 
• country of residence; 
• lifestyle and social circumstances (for example, your hobbies) where consent was provided; 
• family circumstances (for example, your marital status and dependents) where relevant to the service provided; 
• employment and education details (for example, the organisation you work for, your job title and your education details); 
• financial and tax-related information (for example your income, investments and tax residency) where required for regulatory, contractual, or due diligence purposes; 
• postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties); 
• IP address, browser type and language, your access times; 
• information in any complaints you make; 
• details of how you use our products and services; 
• CCTV footage and other information we collect when you access our premises for security, safety, and access-control purposes; and 
• details of how you like to interact with us, and other similar information. 

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your: 

• dietary requirements (for example, when Synpulse would like to provide you with lunch during a meeting); 
• health (for example, so that we can make it easy for you to access our buildings, products and services); and 
• sexual orientation (for example, if you provide us with details of your spouse or partner). 

Where required by law, we will obtain your explicit consent through a clear and separate opt-in and apply enhanced security, access controls, and purpose-bound retention. 

If you choose not to provide, or object to us processing, the information we collect (see section 10 below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client. 

3. Personal data provided by or about third parties 

When our client or another third party provides us personal data about you, we rely on their representations and contractual assurances that such personal data has been collected and shared with us in accordance with applicable Data Protection Legislation, including that the relevant data subjects have been informed of the processing and that a valid legal basis applies. 

If we become aware that personal data has been collected or shared with us unlawfully, we will take appropriate steps in accordance with applicable Data Protection Legislation, which may include suspending or ceasing processing and informing the relevant party. 

If any information you give us relates to a third party (such as a spouse, financial dependent, or joint account holder), by providing us with such personal data you confirm that, in line with the above provisions, you are authorised to disclose such information to us and that such disclosure is lawful in accordance with applicable Data Protection Legislation. 

4. How we use your personal data 

We process information about you and/or your business to enable us and other members of the Synpulse Group to provide our services to you, to provide you with information that we think may be of interest to you, and to meet our legal or regulatory obligations. 

Some of your personal data may be used for other business purposes. Below are some examples. 

Use of personal data to provide services to our clients 

We use your personal data to provide services to you, our clients, or other third parties. Where we process personal data on behalf of our clients as a data processor, such processing is typically governed by the applicable Master Services Agreement (MSA) and/or Data Processing Agreement (DPA), or other relevant contractual arrangements. In the event of any inconsistency, the data protection provisions of the relevant agreement shall apply, without prejudice to applicable Data Protection Legislation and data subject rights. Such correspondence or processing may be with: 

• you; 
• other third parties or other members of the Synpulse Group; 
• our service providers; or 
• competent authorities. 

We may also use your personal data to conduct due diligence checks relating to the services. 

Because we provide a wide range of services to our clients or other third parties, the way we use personal data in relation to our services also varies. For example, we might use personal data about: 

• a client’s employees to help the client improve its efficiency in handling such data; or 
• a client’s employees and customers in the course of conducting a system implementation (or similar activity) for a client. 

Use of personal data for other activities that form part of the operation of our business 

We may also use your personal data in connection with: 

• legal or regulatory requirements; 
• requests and communications from competent authorities; 
• client account opening and other administrative tasks; 
• financial accounting, invoicing and risk analysis; 
• relationship management, which may involve: 

(a) sending you thought leadership or details of our products and services; 

(b) contacting you for feedback on services; 

(c) sending you event invitations; and 

(d) other marketing or research purposes subject to applicable consent and opt-out requirements; 

• recruitment and business development, which may involve: 

(a) the use of testimonials from a client’s employees as part of our recruitment and business development materials (with that employee’s permission); and 

(b) the use of third-party data sources to help us verify and improve the information we hold about key business relationships with individuals; 

• services we receive from our professional advisors, such as lawyers, accountants and consultants; 
• investigating or preventing security incidents; or 
• protecting our rights and those of our clients. 

Use of personal data collected via our website 

In addition to the above, we may also use your personal data collected via our website: 

• to manage and improve our website; 
• to tailor limited aspects of the website (such as language or regional preferences) to improve usability; 
• to draw your attention to information about our products and services that may be of interest to you; or 
• to manage and respond to any request you submit through our website. 

To the extent that cookies are used for these purposes, they are limited to those necessary to ensure the functionality, performance, and usability of the website and do not include cookies used for analytics, profiling, or marketing purposes. 

5. The legal grounds we use for processing personal data 

We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds: 

• you have explicitly agreed to us processing your information for a specific reason; 
• the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you; 
• the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or 
• the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be: 

(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed; 

(b) to prevent fraud; 

(c) to protect our business interests; 

(d) to ensure that complaints are investigated; 

(e) to evaluate, develop or improve our services or products; or 

(f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so. 

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because: 

• you have given us your explicit consent to process that data; 
• we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us); 
• the processing is necessary to carry out our obligations under employment, social security or social protection law; 
• the processing is necessary for the establishment, exercise or defence of legal claims; or 
• you have made the data manifestly public. 

Please note that in certain circumstances it may remain lawful for us to continue processing your personal data even where you have withdrawn your consent, where another lawful legal basis applies. 

This section reflects the lawful bases for processing personal data recognised under applicable Data Protection Legislation. 

Where local data protection laws apply additional or alternative conditions (for example, consent-based regimes or statutory exceptions), we will process personal data in accordance with those local legal requirements. 

The applicable legal basis will depend on the nature of the processing, the purpose for which the personal data is processed, and the jurisdiction in which the processing takes place. 

6. Sharing your personal data 

In connection with any of the purposes outlined in the “How we use your personal data?” section above, we may disclose details about you to: 

• other members of the Synpulse Group or third parties that provide services or online platforms to us and/or the Synpulse Group; 
• competent authorities (including courts and authorities regulating us and other members of the Synpulse Group) where we are legally required or permitted to do so; 
• your employer and/or its advisers, or your advisers where necessary for the relevant engagement or with appropriate authorisation; 
• anyone to whom we may transfer our rights and/or obligations under the Terms of Use; 
• any other person or organisation after a restructure, sale or acquisition of any member of the Synpulse Group, provided such recipient uses your personal data only for the same purposes and subject to appropriate safeguards; 
• credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud; and 
• other third parties where disclosure is necessary for the performance of our services, compliance with legal or regulatory obligations, or the protection of our legitimate business interests, and subject in all cases to appropriate contractual, technical, and organisational safeguards. 

Our website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users, so any information you contribute to these social media applications might not be handled in line with this Privacy Notice. 

7. Transferring your personal data 

Information we hold about you may be transferred to other countries (including countries outside the European Economic Area (“EEA”)), in particular to countries where Synpulse Group companies are established (please refer to the Legal Notice for the list of countries), or where our approved service providers are located. 

Such countries may have less stringent privacy laws than the EEA or Switzerland, so any information held can become subject to such laws and disclosure requirements, including disclosure to governmental bodies, regulatory agencies and private persons. In addition, several countries have agreements under which information is exchanged with other countries for law enforcement, tax and other purposes. 

When we, or our permitted third parties, receive or transfer your personal data outside the EEA, we will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. We may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. 

We may also transfer your personal data when: 

• the transfer is to a country deemed to provide adequate protection of your personal data by the European Commission; or 
• where you have consented to the transfer. 

If your personal data is transferred outside the EEA in other circumstances (for example, where required by law), we will make sure it remains adequately protected. 

For jurisdictions with specific cross-border transfer rules, Synpulse complies with applicable local requirements. In Asia Pacific, this means for example that under the Singapore PDPA personal data may only be transferred overseas where the recipient provides a comparable level of protection, and under the Philippines Data Privacy Act transfers must follow National Privacy Commission rules and be supported by appropriate safeguards. China’s PIPL sets strict conditions for transfers, such as government security assessments, standard contractual clauses filed with the regulator, or certification under an approved scheme. India’s DPDP Act 2023 is expected to restrict transfers to jurisdictions approved by government notification once it comes into force. In Australia and Hong Kong, we are required to take reasonable steps to ensure that any overseas recipient provides protection comparable to local standards. In Hong Kong, please note that the cross-border transfer restrictions under Section 33 of the PDPO are not yet in force but may become applicable in the future. 

Cross-border transfers within the Synpulse Group are governed by Synpulse’s Intra-Group Data Transfer Agreement and are subject to contractual, technical, and organisational safeguards. 

Where required, we rely on the European Commission’s Standard Contractual Clauses (including the UK Addendum and Swiss Addendum, as applicable) and supplementary measures to safeguard cross-border transfers of personal data. 

We may share non-personal, anonymized and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional activity. 

8. Protecting your personal data 

We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include: 

• education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data; 
• administrative and technical controls to restrict access to personal data to a ‘need to know’ basis; 
• technological security measures, including firewalls, encryption and anti-virus software; and 
• physical security measures, such as security passes to access our premises. 

In certain jurisdictions, such as Singapore, the Philippines and China, local data protection laws impose specific requirements for security measures (including organizational, physical, and technical safeguards), and we implement controls to comply with these obligations. 

The transmission of data over the internet (including by e-mail) is never completely secure. So, although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us. You should use secure channels where available and avoid sending special category personal data by unencrypted email. 

9. How long we keep your personal data for 

We seek to ensure that we only keep your personal data for the longest of: 

• the period necessary for the relevant activity or services; 
• any retention period that is required by law; or 
• the period in which litigation or investigations might arise in respect of the services. 

In jurisdictions such as Singapore, the Philippines, China and India, local data protection laws impose specific retention limitations, requiring that personal data be kept only for as long as it is necessary for the declared, specific, and legitimate purpose, after which it must be securely deleted or anonymized. Personal data is retained in accordance with Synpulse’s Group Data Protection Policy, applicable legal requirements, and internal retention and disposal standards, applying the stricter requirement where multiple regimes may apply. 

10. Your rights 

You have various rights in relation to your personal data. In particular, you have a right to: 

• obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you; 
• be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and to receive meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you); 
• be informed about the existence of automated decision-making, including profiling, where applicable, as well as the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where permitted by law and subject to appropriate safeguards; 
• ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete; 
• ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data; withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent); 
• receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract); 
• ask us to stop or start sending you marketing messages at any time by using the contact details in section 12 below; and 
• object to our processing of your personal data. 

If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation. We will comply with our legal obligations about your rights as a data subject. Where permitted by applicable law, we may request information to verify your identity before responding to a request. 

In certain jurisdictions, such as Singapore, Australia and Hong Kong, the range of statutory rights is narrower than under the GDPR and may be limited to access, correction, and withdrawal of consent. In the Philippines, China and India, broader rights apply, including erasure, blocking or objection, and in some cases portability, subject to the specific conditions of local law. 

To help us ensure that your information is up to date, let us know if any of your personal details change using the contact details set out in section 12. 

You may also use the contact details in section 12 if you wish to make a complaint relating to your privacy. 

11. Sending you marketing information 

We and other members of the Synpulse Group may use your information from time to time to inform you by letter, telephone, email and other electronic methods about products and services (including those of third parties, provided you have given your explicit consent where required by law) that may be of interest to you or where otherwise permitted under applicable marketing and data protection laws. 

In certain jurisdictions such as Singapore, the Philippines, China, India, Australia and Hong Kong, local laws impose specific requirements on the use of personal data for direct marketing, including the need to obtain prior consent or provide prescribed opt-out mechanisms. We will comply with these local requirements when sending you marketing information. 

You may, at any time, ask us and/or other members of the Synpulse Group not to send marketing information to you by following the unsubscribe instructions in communications from us, or contacting us in the way described in section 12 below. 

12. Contact 

If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways: 

• writing to the Group Data Protection Officer, Synpulse Holding AG, Sonnenbergstrasse 19, 6052 Hergiswil, Switzerland, or 
• sending an email to dataprotection@synpulse.com with sufficient detail to enable us to identify your request and respond appropriately. 

Data Protection Officer (GDPR) 

 

Synpulse Group entities have designated Data Protection Officers in accordance with applicable Data Protection Legislation and the Synpulse Group Data Protection Policy. 

 

Under the EU General Data Protection Regulation (GDPR), Synpulse entities established in the European Economic Area (EEA) are required to provide information about their designated Data Protection Officer and relevant contact details to data subjects. 

 

Accordingly, the following Synpulse Group entities established in the EEA are subject to these GDPR transparency obligations and have designated a Data Protection Officer under the Group Data Protection Officer model: 

 

– Synpulse Holding AG 

– Synpulse Schweiz AG  – Synpulse Deutschland GmbH  – Synpulse Österreich GmbH  – Synpulse Slovakia s.r.o.  – Synpulse France  – Synpulse Luxembourg (branch of Synpulse Deutschland GmbH)  – Synpulse Beteiligungs GmbH  – Synpulse Software Solutions AG  – Synpulse International AG 

– Synpulse UK Ltd  – Synpulse8 Schweiz AG  – Synpulse8 Deutschland GmbH 

 

For these entities, the designated Data Protection Officer is the Group Data Protection Officer: 

Thomas Pfister 

Notwithstanding the above, data subjects may contact the competent Data Protection Officer for any Synpulse Group entity via the following central contact point: 

Email: dataprotection@synpulse.com  

Requests and inquiries will be handled in accordance with applicable Data Protection Legislation and may be forwarded internally to the relevant Group or local Data Protection Officer, as appropriate. 

13. Changes to this Privacy Notice 

We will continue to monitor developments in data protection laws globally, including reforms in the European Union and other EMEA jurisdictions, the Americas, and the Asia-Pacific region, as well as in any other jurisdictions where Synpulse operates, and will update this notice to reflect any new mandatory legal or regulatory requirements. 

When we make changes to this Privacy Notice, we will amend the revision date at the top of this page. The modified or amended Privacy Notice will apply from that date. We encourage you to review this notice periodically to remain informed about how we are protecting your information. 

Privacy Notice – Executive Summary 

Synpulse Holding AG and its companies (together, the “Synpulse Group”) are committed to protecting personal data. This Privacy Notice explains: 

• Scope: Applies to clients, business contacts, website users, and other individuals whose data we process. 
• Data Collected: Identification and contact details, demographics, employment and education information, financial and tax-related data (where required), online identifiers, and usage data, and limited sensitive data (e.g., health or dietary requirements) where strictly necessary. 
• Sources: Data provided by you, obtained from third parties lawfully authorised to share it, or publicly available sources. 
• Use of Data: To deliver services, conduct due diligence, manage relationships, meet legal and regulatory obligations, improve offerings, operate and improve our website, protect our rights and security, and for marketing purposes (with opt-out rights). 
• Legal Basis: Consent (where required), contract necessity, legal obligations, and/or Synpulse’s legitimate interests. 
• Sharing: Within the Synpulse Group, with service providers, advisers, authorities, or other third parties where necessary. 
• Cross-Border Transfers: Data may be transferred globally; Synpulse applies safeguards and complies with applicable local requirements. 
• Cookies: Used only to enable the proper functioning, performance, and usability of our website and to remember user preferences. We do not use cookies for advertising, marketing, profiling, or statistical/analytics purposes. 
• Retention: Kept only as long as necessary for services, legal obligations, or potential disputes. 
• Security: Technical, administrative, and physical measures in place in accordance with Group policies. 
• Your Rights: Access, correction, erasure, objection, restriction, portability (where applicable), and withdrawal of consent. 
• Contact: Group Data Protection Officer, Synpulse Holding AG, Switzerland – dataprotection@synpulse.com. 
• Updates: Notice may change; the latest version applies.

Synpulse Holding AG and its companies (together, the “Synpulse Group”) are providing this Privacy Notice and are referred to herein as “Synpulse”, “Synpulse Group”, “we”, “us” or “our”. Synpulse is committed to protecting your information by handling it responsibly and safeguarding it using appropriate technical, administrative, and physical security measures in accordance with applicable Data Protection Legislation and Synpulse’s Group Data Protection Policy and related policies. 

This Privacy Notice explains what information we gather about you, what we use it for, and who we share it with (the “Privacy Notice”). It also explains the lawful bases for processing, how long your data is retained, the safeguards applied to cross-border transfers, and your rights under applicable Data Protection Legislation. In addition, it sets out your rights and who you can contact for more information or queries. 

Information About You that We Process 

We may process information about you that: (i) you provide to us, (ii) that we obtain from third parties or (iii) that is publicly available. This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information where necessary for a defined and legitimate purpose (for example, accessibility or event-related requirements). 

We process personal data in accordance with the principles of purpose limitation and data minimisation and only collect data that is adequate, relevant, and necessary for the purposes for which it is processed. For a more detailed description of the information about you that we may process, please see below. 

How We Use Information About You 

We collect and process information about you and/or your business to enable us, the Synpulse Group, to: 

• provide our services to you; 
• provide you with information that we think may be of interest to you; and 
• to meet our legal or regulatory obligations. 

For a more detailed description of how we use information about you, please see below. 

When we send you information we think you might be interested in, you have the right to unsubscribe at any time by contacting us as set out here, or by following the unsubscribe instructions in our communications. 

Sharing and Transferring Your Information 

We may share information about you across the Synpulse Group, and with some third parties who may process personal data on our behalf under appropriate contractual and security safeguards. For further information on Synpulse Group companies, please refer to the Legal Notice. For more information on data processing, please see below. 

We may transfer some information about you to countries outside the European Economic Area where Synpulse operates or where our approved service providers are located. Where we do so, we apply appropriate transfer safeguards (including, where applicable, the International Data Transfer Frameworks and the Synpulse Intra-Group Data Transfer Agreement), as described below.  

Your Rights 

Your rights under data protection laws include the following: 

• Right to Information and Transparency – to be informed how and why your personal data is processed, including purposes, lawful bases, retention, cross-border safeguards, and your rights. 
• Right to Access and Transfer – to obtain confirmation of processing and receive a copy of your personal data, and, where required by law, request its transmission to another controller (data portability). 
• Right to Rectification – to request correction of inaccurate or incomplete personal data. 
• Right to Erasure, Restriction, and Objection – to request deletion, restriction, or object to processing on legitimate grounds. 
• Right to Withdraw Consent – to withdraw consent at any time where processing is based on consent. 
• Direct Marketing and Automated Decision-Making – to object at any time to processing for direct marketing, profiling, or automated decision-making with legal or significant effects. 

For more information about your privacy rights please see below. 

If you have any questions or comments about privacy issues or wish to exercise any of the rights set out above, please write to Group Data Protection Officer, Synpulse Holding AG, Sonnenbergstrasse 19, CH-6052 Hergiswil, Switzerland, or email dataprotection@synpulse.com. 

Scroll down to see the Privacy Notice in full to take you to the more detailed sections of the notice. 

1. Who this privacy statement applies to and what it covers 
2. What personal data we collect 
3. Personal data provided by or about third parties 
4. How we use your personal data 
5. The legal grounds we use for processing personal data 
6. Sharing your personal data 
7. Transferring your personal data 
8. Protecting your personal data 
9. How long we keep your personal data for 
10. Your rights 
11. Sending you marketing information 
12. Contact and Data Protection Officers 
13. Changes to this privacy statement 

In this statement: 

“Data Protection Legislation” means (i) the Swiss Federal Act on Data Protection of 19 June 1992 (FDPA), (ii) the New Swiss Federal Act on Data Protection (nFADP) of 01 September 2023, (iii) the EU General Data Protection Regulation 2016/679 (GDPR), (iv) the UK General Data Protection Regulation, (v) the Singapore Personal Data Protection Act 2012 (PDPA), (vi) the Philippines Data Privacy Act of 2012, (vii) the Australia Privacy Act 1988 (as amended), (viii) the India Digital Personal Data Protection Act 2023 (upon entry into force), (ix) the China Personal Information Protection Law (PIPL), and (x) the Hong Kong Personal Data (Privacy) Ordinance (PDPO), together with any other applicable laws and regulations relating to data protection or privacy. 

 

“International Data Transfer Frameworks” means the EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework, where applicable. 

Cross-border transfers of personal data within the Synpulse Group are governed by Synpulse’s Intra-Group Data Transfer Agreement and other appropriate safeguards, in accordance with applicable Data Protection Legislation.  

“Synpulse Group” refers to Synpulse Holding AG and its companies, being a Swiss privately held group of legal entities held by one holding company. Synpulse Holding AG is a company registered in Switzerland with registered number CHE-103.557.601 and registered office at Sonnenbergstrasse 19, 6052 Hergiswil, Switzerland. For the avoidance of doubt, each Synpulse Group company operates as a legally independent entity, unless expressly stated otherwise. 

“Process” means any operation performed on information about you, including to collect, record, organize, structure, store, alter, use, transfer, destroy or otherwise make available. 

1. Who this Privacy Notice applies to and what it covers   

This Privacy Notice applies to the Synpulse Group as defined above (together, “Synpulse”, “we”, “us” or “our”). 

We are committed to protecting your privacy and handling your information openly and transparently. 

This Privacy Notice explains how we will collect, handle, store and protect information about you when: 

• providing services to you or our clients; 
• you use our website; or 
• performing any other activities that form part of the operation of our business. 

When we refer to “our website” or “this website”, we mean any website, application or digital platform owned, operated or controlled by Synpulse Holding AG or any member of the Synpulse Group, including synpulse.com and any successor or related domains. Further information on Synpulse Group companies is available in the Legal Notice. 

This Privacy Notice includes information on how we share your personal data with other members of the Synpulse Group and with third parties (for example, our service providers). 

In this Privacy Notice, your information is sometimes called “personal data”. We may also refer to “processing” your data, meaning a “Process” as defined above. 

If you provide us with information through any website, application, or digital platform owned, operated, or controlled by any member of the Synpulse Group, we will process your personal data in accordance with this Privacy Notice and applicable Data Protection Legislation. This may include the transfer of personal data to other members of the Synpulse Group or to authorised service providers, subject to appropriate contractual, technical, and organisational safeguards and applicable cross-border transfer requirements. 

If you provide us with information in any jurisdiction where Synpulse operates, we will process your personal data in accordance with applicable Data Protection Legislation. 

We implement appropriate organisational, technical, and governance measures to meet jurisdiction-specific requirements, including where required the appointment of data protection officers or equivalents, breach notification obligations, regulatory registrations or filings, and restrictions or conditions on cross-border transfers. 

Where this website contains links to third-party websites, such websites are governed by their own privacy notices and data protection practices. We encourage you to review those notices before providing personal data on such websites. Synpulse accepts no responsibility or liability for the content of such third-party websites or for their data protection practices. 

2. What personal data we collect 

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in accordance with Synpulse’s Group Data Protection Policy and related policies, as well as applicable local Data Protection Legislation as set out in this statement. 

When we provide services to you or our clients and perform due diligence checks in connection with our services (or discuss possible services we might provide), we will process personal data about you. We may also collect personal data from you when you use this website. 

We may process your data because: 

• you give it to us (for example, in a form on our website); 
• other people lawfully give it to us (for example, your employer or adviser, or third-party service providers that we use to help operate our business); 
• it is publicly available; or 
• we are required to collect or process the data in order to comply with applicable legal or regulatory obligations (e.g., under tax, employment, court order, or supervisory authority requirements). 

We process personal data only where it is adequate, relevant, and limited to what is necessary for the purposes for which it is collected and processed. 

We may process personal data from you because we observe or infer that data about you from the way you interact with us or others. For example, we (or our service providers) may use cookies (small text files stored in a user’s browser) to support the proper functioning, performance, and usability of the website and to remember user preferences. We do not use cookies or similar technologies for advertising, marketing, profiling, or statistical/analytics purposes. More information on how we use cookies – and how you can control them – can be found in our Cookie Notice. 

You can choose whether non-essential cookies are placed on your device, in accordance with applicable Data Protection Legislation. Essential cookies cannot be disabled as they are strictly necessary for the operation of the website. You may manage your preferences via your browser settings as described in our Cookie Notice. 

The personal data we process may include your: 

• name, gender, age and date of birth; 
• contact information, such as address, email, and mobile phone number; 
• country of residence; 
• lifestyle and social circumstances (for example, your hobbies) where consent was provided; 
• family circumstances (for example, your marital status and dependents) where relevant to the service provided; 
• employment and education details (for example, the organisation you work for, your job title and your education details); 
• financial and tax-related information (for example your income, investments and tax residency) where required for regulatory, contractual, or due diligence purposes; 
• postings or messages on any blogs, forums, platforms, wikis or social media applications and services that we provide (including with third parties); 
• IP address, browser type and language, your access times; 
• information in any complaints you make; 
• details of how you use our products and services; 
• CCTV footage and other information we collect when you access our premises for security, safety, and access-control purposes; and 
• details of how you like to interact with us, and other similar information. 

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your: 

• dietary requirements (for example, when Synpulse would like to provide you with lunch during a meeting); 
• health (for example, so that we can make it easy for you to access our buildings, products and services); and 
• sexual orientation (for example, if you provide us with details of your spouse or partner). 

Where required by law, we will obtain your explicit consent through a clear and separate opt-in and apply enhanced security, access controls, and purpose-bound retention. 

If you choose not to provide, or object to us processing, the information we collect (see section 10 below), we may not be able to process your instructions or continue to provide some or all of our services to you or our client. 

3. Personal data provided by or about third parties 

When our client or another third party provides us personal data about you, we rely on their representations and contractual assurances that such personal data has been collected and shared with us in accordance with applicable Data Protection Legislation, including that the relevant data subjects have been informed of the processing and that a valid legal basis applies. 

If we become aware that personal data has been collected or shared with us unlawfully, we will take appropriate steps in accordance with applicable Data Protection Legislation, which may include suspending or ceasing processing and informing the relevant party. 

If any information you give us relates to a third party (such as a spouse, financial dependent, or joint account holder), by providing us with such personal data you confirm that, in line with the above provisions, you are authorised to disclose such information to us and that such disclosure is lawful in accordance with applicable Data Protection Legislation. 

4. How we use your personal data 

We process information about you and/or your business to enable us and other members of the Synpulse Group to provide our services to you, to provide you with information that we think may be of interest to you, and to meet our legal or regulatory obligations. 

Some of your personal data may be used for other business purposes. Below are some examples. 

Use of personal data to provide services to our clients 

We use your personal data to provide services to you, our clients, or other third parties. Where we process personal data on behalf of our clients as a data processor, such processing is typically governed by the applicable Master Services Agreement (MSA) and/or Data Processing Agreement (DPA), or other relevant contractual arrangements. In the event of any inconsistency, the data protection provisions of the relevant agreement shall apply, without prejudice to applicable Data Protection Legislation and data subject rights. Such correspondence or processing may be with: 

• you; 
• other third parties or other members of the Synpulse Group; 
• our service providers; or 
• competent authorities. 

We may also use your personal data to conduct due diligence checks relating to the services. 

Because we provide a wide range of services to our clients or other third parties, the way we use personal data in relation to our services also varies. For example, we might use personal data about: 

• a client’s employees to help the client improve its efficiency in handling such data; or 
• a client’s employees and customers in the course of conducting a system implementation (or similar activity) for a client. 

Use of personal data for other activities that form part of the operation of our business 

We may also use your personal data in connection with: 

• legal or regulatory requirements; 
• requests and communications from competent authorities; 
• client account opening and other administrative tasks; 
• financial accounting, invoicing and risk analysis; 
• relationship management, which may involve: 

(a) sending you thought leadership or details of our products and services; 

(b) contacting you for feedback on services; 

(c) sending you event invitations; and 

(d) other marketing or research purposes subject to applicable consent and opt-out requirements; 

• recruitment and business development, which may involve: 

(a) the use of testimonials from a client’s employees as part of our recruitment and business development materials (with that employee’s permission); and 

(b) the use of third-party data sources to help us verify and improve the information we hold about key business relationships with individuals; 

• services we receive from our professional advisors, such as lawyers, accountants and consultants; 
• investigating or preventing security incidents; or 
• protecting our rights and those of our clients. 

Use of personal data collected via our website 

In addition to the above, we may also use your personal data collected via our website: 

• to manage and improve our website; 
• to tailor limited aspects of the website (such as language or regional preferences) to improve usability; 
• to draw your attention to information about our products and services that may be of interest to you; or 
• to manage and respond to any request you submit through our website. 

To the extent that cookies are used for these purposes, they are limited to those necessary to ensure the functionality, performance, and usability of the website and do not include cookies used for analytics, profiling, or marketing purposes. 

5. The legal grounds we use for processing personal data 

We are required by law to set out in this Privacy Notice the legal grounds on which we rely in order to process your personal data. We rely on one or more of the following lawful grounds: 

• you have explicitly agreed to us processing your information for a specific reason; 
• the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you; 
• the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or 
• the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be: 

(a) to provide our services to you or our clients and other third parties and ensure that our client engagements are well-managed; 

(b) to prevent fraud; 

(c) to protect our business interests; 

(d) to ensure that complaints are investigated; 

(e) to evaluate, develop or improve our services or products; or 

(f) to keep you or our clients informed about relevant products and services and provide you with information, unless you have indicated at any time that you do not wish us to do so. 

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because: 

• you have given us your explicit consent to process that data; 
• we are required by law to process that data in order to ensure we meet our ‘know your client’ and ‘anti-money laundering’ obligations (or other legal obligations imposed on us); 
• the processing is necessary to carry out our obligations under employment, social security or social protection law; 
• the processing is necessary for the establishment, exercise or defence of legal claims; or 
• you have made the data manifestly public. 

Please note that in certain circumstances it may remain lawful for us to continue processing your personal data even where you have withdrawn your consent, where another lawful legal basis applies. 

This section reflects the lawful bases for processing personal data recognised under applicable Data Protection Legislation. 

Where local data protection laws apply additional or alternative conditions (for example, consent-based regimes or statutory exceptions), we will process personal data in accordance with those local legal requirements. 

The applicable legal basis will depend on the nature of the processing, the purpose for which the personal data is processed, and the jurisdiction in which the processing takes place. 

6. Sharing your personal data 

In connection with any of the purposes outlined in the “How we use your personal data?” section above, we may disclose details about you to: 

• other members of the Synpulse Group or third parties that provide services or online platforms to us and/or the Synpulse Group; 
• competent authorities (including courts and authorities regulating us and other members of the Synpulse Group) where we are legally required or permitted to do so; 
• your employer and/or its advisers, or your advisers where necessary for the relevant engagement or with appropriate authorisation; 
• anyone to whom we may transfer our rights and/or obligations under the Terms of Use; 
• any other person or organisation after a restructure, sale or acquisition of any member of the Synpulse Group, provided such recipient uses your personal data only for the same purposes and subject to appropriate safeguards; 
• credit reference agencies or other organisations that help us make credit decisions and reduce the incidence of fraud; and 
• other third parties where disclosure is necessary for the performance of our services, compliance with legal or regulatory obligations, or the protection of our legitimate business interests, and subject in all cases to appropriate contractual, technical, and organisational safeguards. 

Our website may host various blogs, forums, wikis and other social media applications or services that allow you to share content with other users (collectively “Social Media Applications”). Any personal data that you contribute to these social media applications can be read, collected and used by other users of the application. We have little or no control over these other users, so any information you contribute to these social media applications might not be handled in line with this Privacy Notice. 

7. Transferring your personal data 

Information we hold about you may be transferred to other countries (including countries outside the European Economic Area (“EEA”)), in particular to countries where Synpulse Group companies are established (please refer to the Legal Notice for the list of countries), or where our approved service providers are located. 

Such countries may have less stringent privacy laws than the EEA or Switzerland, so any information held can become subject to such laws and disclosure requirements, including disclosure to governmental bodies, regulatory agencies and private persons. In addition, several countries have agreements under which information is exchanged with other countries for law enforcement, tax and other purposes. 

When we, or our permitted third parties, receive or transfer your personal data outside the EEA, we will impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the EEA. We may also require the recipient to subscribe to international frameworks intended to enable secure data sharing. 

We may also transfer your personal data when: 

• the transfer is to a country deemed to provide adequate protection of your personal data by the European Commission; or 
• where you have consented to the transfer. 

If your personal data is transferred outside the EEA in other circumstances (for example, where required by law), we will make sure it remains adequately protected. 

For jurisdictions with specific cross-border transfer rules, Synpulse complies with applicable local requirements. In Asia Pacific, this means for example that under the Singapore PDPA personal data may only be transferred overseas where the recipient provides a comparable level of protection, and under the Philippines Data Privacy Act transfers must follow National Privacy Commission rules and be supported by appropriate safeguards. China’s PIPL sets strict conditions for transfers, such as government security assessments, standard contractual clauses filed with the regulator, or certification under an approved scheme. India’s DPDP Act 2023 is expected to restrict transfers to jurisdictions approved by government notification once it comes into force. In Australia and Hong Kong, we are required to take reasonable steps to ensure that any overseas recipient provides protection comparable to local standards. In Hong Kong, please note that the cross-border transfer restrictions under Section 33 of the PDPO are not yet in force but may become applicable in the future. 

Cross-border transfers within the Synpulse Group are governed by Synpulse’s Intra-Group Data Transfer Agreement and are subject to contractual, technical, and organisational safeguards. 

Where required, we rely on the European Commission’s Standard Contractual Clauses (including the UK Addendum and Swiss Addendum, as applicable) and supplementary measures to safeguard cross-border transfers of personal data. 

We may share non-personal, anonymized and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership and promotional activity. 

8. Protecting your personal data 

We use a range of measures to ensure we keep your personal data secure, accurate and up to date. These include: 

• education and training to relevant staff to ensure they are aware of our privacy obligations when handling personal data; 
• administrative and technical controls to restrict access to personal data to a ‘need to know’ basis; 
• technological security measures, including firewalls, encryption and anti-virus software; and 
• physical security measures, such as security passes to access our premises. 

In certain jurisdictions, such as Singapore, the Philippines and China, local data protection laws impose specific requirements for security measures (including organizational, physical, and technical safeguards), and we implement controls to comply with these obligations. 

The transmission of data over the internet (including by e-mail) is never completely secure. So, although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us. You should use secure channels where available and avoid sending special category personal data by unencrypted email. 

9. How long we keep your personal data for 

We seek to ensure that we only keep your personal data for the longest of: 

• the period necessary for the relevant activity or services; 
• any retention period that is required by law; or 
• the period in which litigation or investigations might arise in respect of the services. 

In jurisdictions such as Singapore, the Philippines, China and India, local data protection laws impose specific retention limitations, requiring that personal data be kept only for as long as it is necessary for the declared, specific, and legitimate purpose, after which it must be securely deleted or anonymized. Personal data is retained in accordance with Synpulse’s Group Data Protection Policy, applicable legal requirements, and internal retention and disposal standards, applying the stricter requirement where multiple regimes may apply. 

10. Your rights 

You have various rights in relation to your personal data. In particular, you have a right to: 

• obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you; 
• be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained, confirmation of whether we undertake automated decision-making, including profiling, and to receive meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you); 
• be informed about the existence of automated decision-making, including profiling, where applicable, as well as the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except where permitted by law and subject to appropriate safeguards; 
• ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete; 
• ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data; withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent); 
• receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract); 
• ask us to stop or start sending you marketing messages at any time by using the contact details in section 12 below; and 
• object to our processing of your personal data. 

If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation. We will comply with our legal obligations about your rights as a data subject. Where permitted by applicable law, we may request information to verify your identity before responding to a request. 

In certain jurisdictions, such as Singapore, Australia and Hong Kong, the range of statutory rights is narrower than under the GDPR and may be limited to access, correction, and withdrawal of consent. In the Philippines, China and India, broader rights apply, including erasure, blocking or objection, and in some cases portability, subject to the specific conditions of local law. 

To help us ensure that your information is up to date, let us know if any of your personal details change using the contact details set out in section 12. 

You may also use the contact details in section 12 if you wish to make a complaint relating to your privacy. 

11. Sending you marketing information 

We and other members of the Synpulse Group may use your information from time to time to inform you by letter, telephone, email and other electronic methods about products and services (including those of third parties, provided you have given your explicit consent where required by law) that may be of interest to you or where otherwise permitted under applicable marketing and data protection laws. 

In certain jurisdictions such as Singapore, the Philippines, China, India, Australia and Hong Kong, local laws impose specific requirements on the use of personal data for direct marketing, including the need to obtain prior consent or provide prescribed opt-out mechanisms. We will comply with these local requirements when sending you marketing information. 

You may, at any time, ask us and/or other members of the Synpulse Group not to send marketing information to you by following the unsubscribe instructions in communications from us, or contacting us in the way described in section 12 below. 

12. Contact 

If you wish to exercise any of the rights relating to your information set out above, or if you have any questions or comments about privacy issues, or you wish to raise a complaint about how we are using your information you can contact us in the following ways: 

• writing to the Group Data Protection Officer, Synpulse Holding AG, Sonnenbergstrasse 19, 6052 Hergiswil, Switzerland, or 
• sending an email to dataprotection@synpulse.com with sufficient detail to enable us to identify your request and respond appropriately. 

Data Protection Officer (GDPR) 

 

Synpulse Group entities have designated Data Protection Officers in accordance with applicable Data Protection Legislation and the Synpulse Group Data Protection Policy. 

 

Under the EU General Data Protection Regulation (GDPR), Synpulse entities established in the European Economic Area (EEA) are required to provide information about their designated Data Protection Officer and relevant contact details to data subjects. 

 

Accordingly, the following Synpulse Group entities established in the EEA are subject to these GDPR transparency obligations and have designated a Data Protection Officer under the Group Data Protection Officer model: 

 

– Synpulse Holding AG 

– Synpulse Schweiz AG  – Synpulse Deutschland GmbH  – Synpulse Österreich GmbH  – Synpulse Slovakia s.r.o.  – Synpulse France  – Synpulse Luxembourg (branch of Synpulse Deutschland GmbH)  – Synpulse Beteiligungs GmbH  – Synpulse Software Solutions AG  – Synpulse International AG 

– Synpulse UK Ltd  – Synpulse8 Schweiz AG  – Synpulse8 Deutschland GmbH 

 

For these entities, the designated Data Protection Officer is the Group Data Protection Officer: 

Thomas Pfister 

Notwithstanding the above, data subjects may contact the competent Data Protection Officer for any Synpulse Group entity via the following central contact point: 

Email: dataprotection@synpulse.com  

Requests and inquiries will be handled in accordance with applicable Data Protection Legislation and may be forwarded internally to the relevant Group or local Data Protection Officer, as appropriate. 

13. Changes to this Privacy Notice 

We will continue to monitor developments in data protection laws globally, including reforms in the European Union and other EMEA jurisdictions, the Americas, and the Asia-Pacific region, as well as in any other jurisdictions where Synpulse operates, and will update this notice to reflect any new mandatory legal or regulatory requirements. 

When we make changes to this Privacy Notice, we will amend the revision date at the top of this page. The modified or amended Privacy Notice will apply from that date. We encourage you to review this notice periodically to remain informed about how we are protecting your information. 

Privacy Notice – Executive Summary 

Synpulse Holding AG and its companies (together, the “Synpulse Group”) are committed to protecting personal data. This Privacy Notice explains: 

• Scope: Applies to clients, business contacts, website users, and other individuals whose data we process. 
• Data Collected: Identification and contact details, demographics, employment and education information, financial and tax-related data (where required), online identifiers, and usage data, and limited sensitive data (e.g., health or dietary requirements) where strictly necessary. 
• Sources: Data provided by you, obtained from third parties lawfully authorised to share it, or publicly available sources. 
• Use of Data: To deliver services, conduct due diligence, manage relationships, meet legal and regulatory obligations, improve offerings, operate and improve our website, protect our rights and security, and for marketing purposes (with opt-out rights). 
• Legal Basis: Consent (where required), contract necessity, legal obligations, and/or Synpulse’s legitimate interests. 
• Sharing: Within the Synpulse Group, with service providers, advisers, authorities, or other third parties where necessary. 
• Cross-Border Transfers: Data may be transferred globally; Synpulse applies safeguards and complies with applicable local requirements. 
• Cookies: Used only to enable the proper functioning, performance, and usability of our website and to remember user preferences. We do not use cookies for advertising, marketing, profiling, or statistical/analytics purposes. 
• Retention: Kept only as long as necessary for services, legal obligations, or potential disputes. 
• Security: Technical, administrative, and physical measures in place in accordance with Group policies. 
• Your Rights: Access, correction, erasure, objection, restriction, portability (where applicable), and withdrawal of consent. 
• Contact: Group Data Protection Officer, Synpulse Holding AG, Switzerland – dataprotection@synpulse.com. 
• Updates: Notice may change; the latest version applies.